CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-47177 – cups-filters vulnerable to Command injection via FoomaticRIPCommandLine
https://notcve.org/view.php?id=CVE-2024-47177
26 Sep 2024 — CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution. • https://packetstorm.news/files/id/182767 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 15CVE-2024-47176 – cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
https://notcve.org/view.php?id=CVE-2024-47176
26 Sep 2024 — CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicio... • https://packetstorm.news/files/id/181978 • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function CWE-940: Improper Verification of Source of a Communication Channel CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35235 – Cupsd Listen arbitrary chmod 0140777
https://notcve.org/view.php?id=CVE-2024-35235
11 Jun 2024 — OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the afore... • http://www.openwall.com/lists/oss-security/2024/06/11/1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-252: Unchecked Return Value CWE-277: Insecure Inherited Permissions •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 3CVE-2023-4504 – OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
https://notcve.org/view.php?id=CVE-2023-4504
21 Sep 2023 — Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Debido a un error al validar la longitud proporcionada por un documento PPD PostScript creado por un atacante, CUPS y libppd son susceptibles a un desbordamiento del búfer y posiblemente a la ejecución de código. Este problema se solucionó en... • https://github.com/OpenPrinting/cups/releases/tag/v2.4.7 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2023-34241 – CUPS vulnerable to use-after-free in cupsdAcceptClient()
https://notcve.org/view.php?id=CVE-2023-34241
22 Jun 2023 — OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpC... • http://www.openwall.com/lists/oss-security/2023/06/23/10 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32324 – OpenPrinting CUPS vulnerable to heap buffer overflow
https://notcve.org/view.php?id=CVE-2023-32324
01 Jun 2023 — OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of pub... • https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-26691 – cups: authorization bypass when using "local" authorization
https://notcve.org/view.php?id=CVE-2022-26691
26 May 2022 — A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.5. • https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-697: Incorrect Comparison •